Acceptable use policy
Published on: January 2024
Previous versions
May, 2022March, 2022December, 2021November, 2021June, 2021March, 2021December, 2020November, 2020January, 2020March, 2018September, 2017April, 2017This Acceptable Use Policy applies to your use of Telesign’s Services, and these obligations apply in addition to any obligations set out in Telesign’s Terms of Service (or if your company has a separate agreement with Telesign for the provision of services from Telesign to you, the terms of that separate agreement (in either case, the “Agreement”). Any capitalized terms herein shall have the meaning set out in the Agreement.
You agree to comply with the terms and conditions set out in this Acceptable Use Policy as follows:
Table of content
Content Standards:
Any content stored or sent via the Services shall comply with the following standards:
- All content must include identification of the Client including but not limited to Client name, brand name, company, or brand identity.
- No promotional or marketing content may be sent unless the User has consented to receive such content via specific opt-in acknowledgment.
- All promotional and marketing content must contain a specific opt-out mechanism in compliance with Applicable Laws.
- All content must comply with Applicable Laws and any requirements set out in any applicable industry or relevant telecommunications operators and/or carrier’s (“Carrier”) code of conduct, guidelines or similar requirement. Such industry guidelines may include but not limited to the Mobile Marketing Association’s Code of Conduct, the Consumer Best Practices Guideline, the CTIA Short Code Monitoring Handbook, the then-current requirements of the US Common Short Code Administrator and other similar guidelines and standards established for mobile marketing and messaging in applicable countries such as CWTA (Canada) and Phone pay plus (United Kingdom).
- Content must not be defamatory, slanderous or libelous.
- Content must not contain any information that would require Telesign or Client to comply with any financial regulations or the Payment Card Industry Data Security Standards (“PCI DSS”).
- Content must not contain any Personal Health Information (“PHI”) as defined in the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), including any information about health status, provision of health care, or payment for health care that can be linked to a specific individual.
- Content must not violate any system or network security of Telesign, a User or third party.
- Content must not be illegal, unauthorized, prohibited, fraudulent, deceptive, inaccurate or misleading (including, without limitation, by using a false identity or forged address or telephone number).
- Content must not contain pornography, nudity, sexual activity or similar adult-themed materials.
- Content must not contain information in which the failure or delay of Services could lead to death, personal injury, physical property damage or environmental damage.
- Content must not contain any viruses, worms, trap doors, back doors, timers, clocks, counter or other limiting routines, instructions or designs, or contain any unauthorized code.
- Client shall be liable to pay any fines or penalties levied by a Carrier, and to fulfil any indemnification obligation owed by Telesign to any Carrier, as a result of Client’s noncompliance with the Content Standards set forth herein.
SPAM Policy:
- Client must not use the Services to send any message without the prior express consent of the recipient, or any message sent after the recipient has expressly withdrawn its consent to receive such message, or otherwise for fraudulent purposes (“SPAM”). SPAM may include (but is not limited to) the sending of bulk SMS and RCS messages to a list of telephone numbers without prior consent from the holders of such telephone numbers, or the sending of marketing messages to Users that have not expressly consented to receive such messages. Telesign’s decision as to whether Client is using the Services to send SPAM shall be final.
- Client must comply with all anti-SPAM laws and regulations, including, but not limited to, the CAN-SPAM Act of 2003, the Telephone Consumer Protection Act, the Telemarketing and Consumer Fraud and Abuse Prevention Act, the Children’s Online Privacy Protection Act and the Do-Not-Call Implementation Act (or any similar or analogous anti-spam, data protection, or privacy statutes or regulations in any other jurisdiction).
- If Telesign suspects Client’s account is being used to send SPAM:
- Telesign may without prior notice immediately suspend some or all of the Services.
- upon notice from Telesign, Client must immediately take all necessary action to cease such SPAM, including suspending or terminating any User account.
- Telesign and Client shall cooperate to cease the sending of SPAM, including sharing User details where necessary to identify the sender of SPAM.
- Telesign may, without prior notice to Client, notify Carriers or other required-to-be-informed third parties.
- If Client suspects that its account is being used to send SPAM, Client must immediately take all necessary action to cease such SPAM, including suspending or terminating any User account, and cooperate with Telesign to cease such SPAM.
- Client is responsible for obtaining all necessary consent to enable lawful sending of messages to Users. Telesign may delay or suspend the delivery of any messages suspected to be SPAM until Client has provided Telesign with evidence, reasonably satisfactory to Telesign, that all necessary consent has been obtained.
- Client shall be liable to pay any fines or penalties levied by a government or regulatory body, and to fulfil any indemnification obligation owed by Telesign to any Carrier, as a result of SPAM being sent via the Services.
Generally applicable use restrictions:
Client shall:
- not use the Services or the Licensed Data, in part or in whole, for any purpose, or in any way prohibited by any Applicable Laws, or in any manner that may disable, impair, damage or interfere with any of Telesign’s hardware, software applications, system or network security, Intellectual Property Rights, the Services, or any other clients or users of the Services;
- not copy, reverse engineer, modify, create derivative works of, distribute, sell, resell, assign, pledge, sublicense, lease, loan, rent, share, timeshare, grant a security interest, deliver, or otherwise transfer, directly or indirectly, any portion of or rights in the Services, Client Portal, Licensed Data, or any of Telesign’s software (including source code thereto), computer systems or networks, or otherwise make available the Licensed Data (or any portion thereof) to third parties (except to the extent expressly set forth in this Agreement);
- maintain the confidentiality of Client’s username and password of Client Portal utilized to access the Services and to keep secure Telesign’s API key. Client bears the sole responsibility for any requests sent from its Telesign account and/or via the Telesign API and any and all usage of the Services via its account and any password and/or via the Telesign API by the Client, any User or any third party, whether with or without Client’s permission (unless such usage results from any negligence of Telesign). Any such usage shall be deemed to be Client’s use of the Services. Client must notify Telesign immediately upon any disclosure of Client’s password or any unauthorized use of Client’s account or if the Telesign API key have been compromised;
- not use the Services or the Licensed Data for the purpose(s) of solely automated decision-making producing legal effects or similarly affecting the User, such as:
- cancellation of a contract;
- entitlement to or denial of a particular social benefit granted by law, such as child or housing benefit;
- refused admission to a country or denial of citizenship;
- decisions that affect someone’s financial circumstances, such as their eligibility to credit (i.e.: assessing creditworthiness);
- decisions that affect Users’ access to health services;
- decisions that deny Users’ an employment opportunity;
- decisions that affect Users’ access to education, for example university admissions;
- decisions that affect Users’ access to housing;
- decisions that affect Users’ access to insurance;
- decisions that affect Users’ access to criminal justice; or
- decisions that affect Users’ access to basic necessities, or essential goods or services.
- provide all Users with any disclosure, notice, or explanation required by Applicable Laws and/or Providers concerning the Client’s use of the Services, and obtain, maintain and secure any necessary consent and authorizations from Users that may be required by Applicable Laws and/or Providers in order to authorize Telesign’s provision of the Services, or otherwise ensure a lawful basis for Telesign’s provision of the Services and processing of Client Data, including any Personal Information. If requested by Telesign, provide satisfactory evidence of its collection and continued receipt of User consent for the provision of the Services. Immediately provide any updates to notices, consents and authorizations to Telesign. Any records required to be kept to meet these obligations shall be retained by Client for at least 12 months or such other period as may be indicated in the applicable agreement;
- provide any information relating to Client’s use of the Services reasonably requested by Telesign;
- comply with the Fair Credit Reporting Act (“FCRA”), to the extent it is applicable, including without limitation, if information provided by Telesign will be used for employment decisions, certify to Telesign inwriting, that Client: (1) notified the applicant or employee and got their permission to get a consumer report; (2) complied with all of the FCRA requirements; and (3) will not discriminate against the applicant or employee or otherwise misuse the information, as provided by any applicable federal or state equal opportunity laws or regulations; and
- comply with the Gramm-Leach-Bliley Act (“GLBA”), to the extent it is applicable.
SMS, RCS & voice Services:
In relation to Services that involve the use of SMS or voice content, Client shall and shall ensure that its employees, Agents, contractors, Affiliates and any Users:
- comply with the Content Standards and the SPAM Policy;
- not use the Services to transmit any Inappropriate Content;
- not use the Services to engage in any spamming, mail-bombing, spoofing or any fraudulent, illegal, unauthorized, prohibited or improper use;
- except as expressly permitted in any Service description, not use the Services, or permit the Services to be used, to transmit marketing or advertising calls or messages without prior written consent from Telesign;
- not send any bulk message without a valid reply address or means for the User to contact Client, and instructions for opt-out from any marketing list;
- where prohibited by Applicable Law, not use long numbers or short numbers provided by Telesign for marketing purposes;
- only use the Services for the purpose of enabling Users to send invitations (e.g. invitations to join social media platforms): (i) to recipients in respect of which such Users have a personal, business or familial relationship; and (ii) in such a way that each User personally and knowingly selects the recipients of each invite, is made aware that this action will send an SMS or RCS message to each recipient, and initiates the sending of such messages;
- not send any message to any User that is registered on a “Do-Not-Call” or “Do-Not-Dial” register, or equivalent register in the User’s location, or to any User that has opted out of receiving messages from Client unless Client is entitled send such messages pursuant to Applicable Law;
- only send messages and make calls to telephone numbers of Users that were given directly to Client by such Users; Where appropriate, Client should from time to time validate with Users that their telephone numbers on record with Client are still valid and correct;
- not make any marketing calls at any time that would be outside calling time restrictions in the location of the User;
- not use the Services to send messages to children;
- not make any calls or messages for (a) political purposes (including for soliciting votes or supporting/opposing political issues); telemarketing or promotional purposes (including to induce the purchase of a good or service); or (c) charitable purposes (including calls or messages to previous donors);
- not use the Services for the purposes of gaming or gambling, the provision of financial services, educational services, defense or military services;
- not use any part of the Client Portal (including the Client account) as an anonymous gateway or proxy for the purpose of hiding the identity of the sender from the recipient of any message;
- not use any part of the Client Portal (including the Client account) as a target for the receipt and handling of reply or “bounce” messages resulting from bulk messaging operations launched from outside the Client Portal;
- comply with any requirements, industry guidelines, policies issued by Telesign or any Carriers or regulators, and cooperate with Telesign in relation to such compliance; and
- not use the Services to harass, discriminate or defame including sending harmful or hateful speech to any person.
Licensed Data:
In relation to Services in which Telesign provides Licensed Data, Client shall:
- only use Licensed Data for purposes in respect of which the User to whom such Licensed Data relates has expressly consented;
- not use the Services to collect or process information about any User without such User’s prior consent;
- use the Licensed Data for one-time use only, and shall not cache the Licensed Data for the purpose of reuse by Client;
- not use the Licensed Data, in part or in whole, in conjunction with any data mining or to create or store in any form an archive of the Licensed Data, or to construct products or services that may compete with the Services; and
- delete all Licensed Data within 30 days of delivery by Telesign, or immediately on termination of the Agreement or on request from Telesign;
- not store Licensed Data received from Austria, Spain, or France outside of the EU; and
- when using Score services in China and Singapore, expressly ask for User consent.
Phone Numbers:
In relation to Services in which Telesign provides Phone Numbers, Client shall note and agree that:
- each Carrier or international aggregator (“Provider”) may have different regulations regarding permitted inactivity periods of leased Phone In most cases three (3) consecutive months of none or negligible SMS traffic, in the Provider’s opinion shall be considered inactivity and may cause the cancellation of such Phone Numbers, with or without notice by said Provider. In the event that a Phone Number is cancelled by the Provider due to inactivity, Client’s request for re-activation will require submission of a new application. Telesign shall charge Client for any associated fees or costs imposed for submission and provisioning.
WhatsApp Service:
In relation to the use of WhatsApp Service, Client shall comply with the following:
- Client represents and warrants that it has independent status, works with companies that do business with clients/customers other than Meta and WhatsApp, and is not reliant on Meta or any WhatsApp Business Solution for sole or a substantial majority of its revenue.
- Client is restricted from collecting, sharing, transferring, or processing the personal information of any natural person who is located in China and will ensure that: a. Client’s end users/customers located in China are all business entities and are not natural persons or sole proprietor users;
- Any end user/customer information that may contain personal information collected, shared, transferred, or processed by Client is that of natural persons located outside of China;
- Encryption and decryption measures are properly implemented, along with other physical and technical safeguards set forth in the Agreement, or by Meta/WhatsApp terms of use and any applicable laws; and
- Client will conduct any additional due diligence and compliance training at the time of onboarding end users/customers to comply with any applicable legal/regulatory provisions as needed.
- Client shall host/process/store all data in a cloud solution located outside China or in an on-premises solution outside China. Storage of data on premises within China or on a cloud located within China will constitute a material breach of the Agreement. Client shall not host/process/store any data that must be hosted/stored within China according to applicable laws.
- Client (or its agents) may not access any WhatsApp Business Solution, perform integration activities (e.g., integration of the WhatsApp Business Solution into Client’s business solutions), or perform maintenance at the code level (including, but not limited to, updates, patches, bug fixes, and outsourcing of data) within China.
- Notwithstanding anything in the Agreement, (a) Clients Affiliates located in China are not, and will not be, party to the Agreement, and (b) Client may not perform any of its obligations or exercise any of its rights under the Agreement through any Client’s Affiliates located in China. For the avoidance of doubt, the Agreement does not confer or purport to confer any rights or benefits enforceable by such Client’s Affiliates located in China, and such Client Affiliates located in China shall not have any right to enforce any of the provisions of terms under the Agreement.